Twitter Attack May Have Its Origins in Malware

System administrators might be more pleased than dismayed when a social networking site such as Twitter locks out millions of users.

After all, conventional wisdom at companies suggests that no one except product marketers should be "tweeting" anyway. However, Thursday's denial-of-service (DoS) attack hitting Twitter is still noteworthy for IT security pros and administrators. Social networking appears here to stay, but such Web sites can be a launch pad for malware, phishing and spoofing attacks.

A Twitter blog post indicated late on Thursday that the social networking site had faced a "massive, globally distributed attack," but that the service was mostly restored.

The Twitter DoS attack is said to have originated in Russia or the former Soviet republic of Georgia. It locked up a site that may support around 45 million users. The Twitter service promises a near real-time medium of information exchange, and when information moves that fast, so can malicious code.

"The Twitter outage was yet another case of growing pains with Twitter infrastructure simply not being able to keep up with the load associated with their rapid growth," said Paul Henry, security and forensics analyst at Lumension. "The onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."

Meanwhile, some organizations are saying "No" to the social networking experiment. The U.S. Marine Corps this week banned Marines from using Twitter for a year, as well as Facebook.

The military service explained in a statement that social networking sites are generally "a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries." The U.S. Department of Defense is also putting social media technology under review.

Currently, a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to lure potential victims to fake antivirus Web pages.

Twitter last month suspended several user accounts plagued by Koobface. Once a user is logged on to a social networking site, Koobface deploys fake messages, enticing a user's friend or follower to click on a link in the fake message. It's a textbook example of phishing.

The heavy use of URL shortening on Twitter has made it nearly impossible to identify the domain a link actually points to. Consequently, it's easier to pass off a corrupt link as a trusted one through a Twitter message.

Twitter recently started filtering URLs to cut back on the amount of malware that users encounter. However, Thursday's DoS attack might have been motivated more by spite than revenge, according to Randy Abrams, director of technical education at security firm ESET.

"Twitter's actions must have hurt the bottom line of some criminal organizations, but there are still other ways thieves can make money and they make none at all if Twitter is down," Abrams said. "This leads to the thought that either it is a revenge attack by a disgruntled idiot or an attempt to gain fame by a hacker with more technical skills than brains."

Whatever the reason for the attack, it's safe to say that as social networking grows in popularity and corporate use, so too will it grow as a vector for malicious activity that's just one "tweet" away.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
